Professional Documents
Culture Documents
1
Public Key Cryptography
Agenda:
Message authentication –
authentication codes and hash
functions
Public key encryption –
principles and algorithms
Exchange of conventional keys
Digital signatures
key management
2
Recall Security Services
3
Security Attacks
Threa ts
4
Security Attacks
Passive th re ats
Release of Traffic
message contents analysis
5
Security Attacks
Ac ti ve th rea ts
6
What Is Message
Authentication
It’s the “source,” of course!
Procedure that allows communicating
parties to verify that received
messages are authentic
Characteristics:
source is authentic – masquerading
contents unaltered – message
modification
timely sequencing – replay
7
Can We Use Conventional
Encryption?
Only sender and receiver share
a key
Include a time stamp
Include error detection code and
sequence number
8
Message Authentication
Sans Encryption
Append an authentication tag to a
message
Message read independent of
authentication function
No message confidentiality
9
Message Authentication
w/o Confidentiality
Application that broadcasts a
message – only one destination
needs to monitor for
authentication
Too heavy a load to decrypt –
random authentication checking
Computer executables and files –
checked when assurance required
10
Life Without
Authentication
11
Message
Authentication Code
12
Message
Authentication Code
13
Message
Authentication Code
Receiver assured that message is
not altered – no modification
Receiver assured that the message
is from the alleged sender – no
masquerading
Include a sequence number,
assured proper sequence – no
replay
14
Message
Authentication Code
DES is used
Need not be reversible
Checksum
Stands up to attack
But there is an alternative...
15
One Way Hash Function
Hash function accepts a variable
size message M as input and
produces a fixed-size message
digest H(M) as output
No secret key as input
Message digest is sent with the
message for authentication
Produces a fingerprint of the
message
16
One Way Hash Function
Authenticity is assured
17
One Way Hash Function
18
One Way Hash Function
Ideally We Would Like To Avoid Encryption
Encryption software is slow
Encryption hardware costs aren’t
cheap
Hardware optimized toward large
data sizes
Algorithms covered by patents
Algorithms subject to export
control
19
One Way Hash Function
Assumes secret value SAB
MDM||M
MDM = H(SAB||M)
No encryption for message authentication
Secret value never sent; can’t modify the message
Important technique for Digit al Sign atu re s
20
Hash Function
Requirements
H can be applied to a block of data of
any size
H produces a fixed length output
H(x) is relatively easy to compute
weak
For any given code h, it is
computationally infeasible to find x
such that H(x) = h one way
For any given block x, it is
computationally infeasible to find y ≠ x
with H(y) = H(x) weak collision resistance
It is computationally infeasible to find
any pair (x,y) such that H(x) = H(y) strong
21
Simple Hash Functions
Input: sequence of n-bit block
22
Bitwise XOR
23
SHA-1 Secure Hash
Function
Developed by NIST in 1995
Input is processed in 512-bit blocks
Produces as output a 160-bit
message digest
Every bit of the hash code is a
function of every bit of the input
Very secure – so far!
24
SHA-1 Secure Hash
Function append length
append padding bits
Every bit of the hash code is a function of every bit of the input!
25
SHA-1 Secure Hash
Function
26
Other Hash Functions
Most follow basic structure of SHA-1
This is also called an iterated hash
function – Ralph Merkle 1979
If the compression function is
collision resistant, then so is the
resultant iterated hash function
Newer designs simply refine this
structure
27
MD5 Message Digest
Ron Rivest - 1992
RFC 1321
Input: arbitrary Output: 128-bit
digest
Most widely used secure hash
algorithm – until recently
Security of 128-bit hash code has
become questionable (1996, 2004)
28
RIPEMD-160
29
HMAC
Effort to develop a MAC derived
from a cryptographic hash code
Executes faster in software
No export restrictions
Relies on a secret key
RFC 2104 list design objectives
Used in Ipsec
Simultaneously verify integrity and
authenticity
30
HMAC Structure
Message, M
secret key
By passing Si and So
through the hash
algorithm, we have
pseudoradomly
output generated two keys
from K.
31
Public Key Encryption
Diffie and Hellman – 1976
First revolutionary advance in
cryptography in thousands of years
Based on mathematical functions
not bit manipulation
Asymmetric, two separate key
Profound effect on confidentiality,
key distribution and authentication
32
Public Key Encryption
33
Public Key Structure
Plaintext: message input into the
algorithm
Encryption algorithm: transformations
on plaintext
Public & Private Key: pair of keys, one
for encryption; one for decryption
Ciphertext: scrambled message
Decryption algorithm: produces original
plaintext
34
Conventional
Encryption
35
Public Key Encryption
36
The Basic Steps
Each user generates a pair of keys
The public key goes in a public
register
The private key is kept private
If Bob wishes to send a private
message to Alice, Bob encrypts the
message using Alice’s public key
When Alice receives the message,
she decrypts using her private key
37
Public Key Authentication
38
Public Key Applications
Encryption/decryption – encrypts a
message with the recipient’s public
key
Digital signature – sender signs a
message with private key
Key Exchange – two sides
cooperate to exchange a session
key
39
Requirements For
Public Key
Easy for party B to generate pairs:
public key KUb ; private key KRb
Easy for sender A to generate
cipertext using public key:
C = E KUb(M)
Easy for receiver B to decrypt
using the private key to recover
HINT: original message
PUBLIC
PRIVATE
M = DKRb(C) = DKRb[E KUb(M)]
40
Requirements For
Public Key
It is computationally infeasible for an
opponent, knowing the public key KUb
to determine the private key KRb
It is computationally infeasible for an
opponent, knowing the public key KUb
and a ciphertext, C, to recover the
original message, M
Either of the two related keys can be
used for encryption, with the other used
for decryption
M = DKRb[EKUb(M)]= DKUb[EKRb(M)]
41
RSA Algorithm
Ron Rivest, Adi Shamir, Len Adleman –
1978
Most widely accepted and implemented
approach to public key encryption
Block cipher where M and C are integers
between 0 and n-1 for some n
Block size is 2k bits, where 2k ≤ n ≥ 2k+1
Following form:
C = Me mod n
M = Cd mod n = (Me)d mod n = Med mod n
42
RSA Algorithm
43
RSA Requirements
44
RSA Algorithm
45
RSA Algorithm
46
RSA Example
M
C M
e d
47
RSA Strength
Brute force attack: try all possible
keys – the larger e and d the more
secure
The larger the key, the slower the
system
For large n with large prime factors,
factoring is a hard problem
Cracked in 1994 a 428 bit key; $100
Currently 1024 key size is considered
strong enough
48
Diffie-Hellman Key
Exchange
51
Other Public Key
Algorithms
52
Other Public Key
Algorithms
Elliptic Curve Cryptography (ECC) –
it is beginning to challenge RSA
Equal security for a far smaller bit
size
Confidence level is not as high yet
53
Digital Signatures
54
Public Key
Authentication
55
Digital Certificate
Certificate consists of a public key
plus a user ID of the key owner,
with the whole block signed by a
trusted third party, the certificate
authority (CA)
X.509 standard
SSL, SET and S/MIME
Verisign is primary vendor
56
Public Key Certificate Use
57